Hello.
IAM authentication via RDS Proxy should be the same procedure as connecting to an RDS instance, so the IAM policy used should be the same.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy-setup.html#rds-proxy-connecting
Therefore, I think it is necessary to link the following policy to the IAM Identity Center user.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.IAMPolicy.html
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "rds-db:connect"
      ],
      "Resource": [
        "arn:aws:rds-db:us-east-2:1234567890:dbuser:db-ABCDEFGHIJKL01234/db_user"
      ]
    }
  ]
}
To allow IAM Identity Center users to connect to the RDS proxy or database, you will need to create a new permission set (or update an old one) to include an IAM policy which allows access to the RDS proxy/DB instance. Then you will need to assign users to that permission set in the AWS account.
This is a bit messy as Role-Based access is generic, so you can either use the full proxy/database ARN in the policy (to create a permission set specific to an AWS account) or something like the following to allow access to all RDS instances in the account.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "rds-db:connect"
      ],
      "Resource": [
        "arn:aws:rds-db:us-east-2:1234567890:dbuser:*/*"
      ]
    }
  ]
}
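An added example, not part of either answer or of AWS's documentation: a small Python check a reviewer could run over a permission-set policy to see how widely it grants `rds-db:connect`. It reads the resource as `arn:aws:rds-db:region:account-id:dbuser:resource-id/db-user-name`; the function names and finding labels are made up for this illustration.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample input: the Resource values from the two policies above.
SCOPED = "arn:aws:rds-db:us-east-2:1234567890:dbuser:db-ABCDEFGHIJKL01234/db_user"
BROAD = "arn:aws:rds-db:us-east-2:1234567890:dbuser:*/*"

def make_policy(resource):
    """Build a policy document shaped like the ones in the answers."""
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["rds-db:connect"], "Resource": [resource]}]})

def _as_list(value):
    # IAM lets Statement, Action and Resource be a single value or a list.
    return value if isinstance(value, list) else [value]

def classify(arn):
    """Name the parts of an rds-db ARN that are left open by wildcards."""
    if arn == "*":
        return ["any-resource"]
    parts = arn.split(":", 6)
    if (len(parts) != 7 or parts[2] != "rds-db"
            or parts[5] != "dbuser" or "/" not in parts[6]):
        return ["not-an-rds-db-dbuser-arn"]
    resource_id, db_user = parts[6].split("/", 1)
    checks = [(parts[3], "wildcard-region"), (parts[4], "wildcard-account"),
              (resource_id, "wildcard-resource-id"), (db_user, "wildcard-db-user")]
    return [label for field, label in checks if "*" in field or "?" in field]

def audit_rds_connect(policy_json):
    """Return (resource, findings) for each Allow of rds-db:connect."""
    results = []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive and may contain wildcards.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatchcase("rds-db:connect", a) for a in actions):
            continue
        results.extend((arn, classify(arn)) for arn in _as_list(stmt.get("Resource", [])))
    return results

if __name__ == "__main__":
    for arn in (SCOPED, BROAD):
        for resource, findings in audit_rds_connect(make_policy(arn)):
            print(resource, "->", findings or "scoped to one resource ID and DB user")
```

An empty findings list means the statement names one resource ID and one database user. Statements that use `NotAction` or `NotResource` are not evaluated by this sketch.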